From 236fd6390a90e48a37a8c8eddec3cbdff94f26f0 Mon Sep 17 00:00:00 2001
From: Martin Fuchs <mfuchs77@gmail.com>
Date: Wed, 4 Jun 2014 14:21:27 +0200
Subject: add MAPI over HTTP support

MAPI over HTTP is supported on at lease Exchange 2013 SP1
---
 config/squid3/31/squid_reverse.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'config/squid3/31/squid_reverse.inc')

diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index 993508aa..53724fd6 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -170,7 +170,9 @@ function squid_resync_reverse() {
 					array_push($owa_dirs,'Microsoft-Server-ActiveSync');
 			if($settings['reverse_owa_rpchttp'])	
 					array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll');
-			if($settings['reverse_owa_webservice']){
+			if($settings['reverse_owa_mapihttp'])	
+					array_push($owa_dirs,'mapi');
+					if($settings['reverse_owa_webservice']){
 					array_push($owa_dirs,'EWS');
 					$conf .= "ignore_expect_100 on\n";
 					}	
-- 
cgit v1.2.3


From ee145ac6f83563d78f362057433d6ca33320778e Mon Sep 17 00:00:00 2001
From: Martin Fuchs <mfuchs77@gmail.com>
Date: Wed, 4 Jun 2014 14:25:28 +0200
Subject: correct formatting

---
 config/squid3/31/squid_reverse.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config/squid3/31/squid_reverse.inc')

diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index 53724fd6..f438b4e3 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -172,7 +172,7 @@ function squid_resync_reverse() {
 					array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll');
 			if($settings['reverse_owa_mapihttp'])	
 					array_push($owa_dirs,'mapi');
-					if($settings['reverse_owa_webservice']){
+			if($settings['reverse_owa_webservice']){
 					array_push($owa_dirs,'EWS');
 					$conf .= "ignore_expect_100 on\n";
 					}	
-- 
cgit v1.2.3


From 9d1e12beb5196e721e92d98458371e3342182d7b Mon Sep 17 00:00:00 2001
From: Martin Fuchs <mfuchs77@gmail.com>
Date: Wed, 4 Jun 2014 16:34:03 +0200
Subject: do not revert the round-robin patch 1bcfd29

---
 config/squid3/31/squid_reverse.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config/squid3/31/squid_reverse.inc')

diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index f438b4e3..92bef0fb 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -107,7 +107,7 @@ function squid_resync_reverse() {
  	 foreach ($reverse_peers as $rp){
  		if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){
  			$conf_peer = "#{$rp['description']}\n";
- 			$conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS ";
+ 			$conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin";
  			if($rp['protocol'] == 'HTTPS')
 	            	$conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
 			$conf_peer .= "name=rvp_{$rp['name']}\n\n";
-- 
cgit v1.2.3


From 23dcdaeb56f1b64aff37cf71eb26c0bc42e1dd42 Mon Sep 17 00:00:00 2001
From: Martin Fuchs <mfuchs77@gmail.com>
Date: Sat, 7 Jun 2014 17:45:45 +0200
Subject: fix bungled config

see https://forum.pfsense.org/index.php?topic=73301.msg424937#msg424937
---
 config/squid3/31/squid_reverse.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config/squid3/31/squid_reverse.inc')

diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index 92bef0fb..4ac7fe82 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -107,7 +107,7 @@ function squid_resync_reverse() {
  	 foreach ($reverse_peers as $rp){
  		if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){
  			$conf_peer = "#{$rp['description']}\n";
- 			$conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin";
+ 			$conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin ";
  			if($rp['protocol'] == 'HTTPS')
 	            	$conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
 			$conf_peer .= "name=rvp_{$rp['name']}\n\n";
-- 
cgit v1.2.3


From 47a250e0d2b516cc87c7b582fda6f548c33c3d73 Mon Sep 17 00:00:00 2001
From: Martin Fuchs <mfuchs77@gmail.com>
Date: Fri, 13 Jun 2014 11:52:37 +0200
Subject: allow multiple CAS-servers, correct checks

---
 config/squid3/31/squid_reverse.inc | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

(limited to 'config/squid3/31/squid_reverse.inc')

diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index 4ac7fe82..418220c3 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -100,8 +100,17 @@ function squid_resync_reverse() {
 
 	//PEERS
  	if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])))
- 		$conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n";
+		
+		if(!empty($settings['reverse_owa_ip'])) {
+			$reverse_owa_ip = explode(";", ($settings['reverse_owa_ip']));
+			$casnr = 0;
+			foreach ($reverse_owa_ip as $reowaip) {
+				$casnr++;
+				$conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n";
 
+			}
+		}
+		
  	$active_peers=array();
  	if (is_array($reverse_peers))
  	 foreach ($reverse_peers as $rp){
@@ -211,8 +220,13 @@ function squid_resync_reverse() {
 
 	//ACCESS
   	if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") {
-		$conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n";
-		$conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n";
+		
+		for($cascnt=1;$cascnt<$casnr+1;$cascnt++)
+		{
+			$conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n";
+			$conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n";
+		}
+		
 		$conf .= "never_direct allow OWA_URI_pfs\n";
 		$conf .= "http_access allow OWA_URI_pfs\n";        
 		}
-- 
cgit v1.2.3


From 15dd9887e6c3c4c2d78dddca38a6fda7f997ab88 Mon Sep 17 00:00:00 2001
From: Martin Fuchs <mfuchs77@gmail.com>
Date: Fri, 13 Jun 2014 14:53:51 +0200
Subject: fixed reverse owa

OWA does not work with round-robin
---
 config/squid3/31/squid_reverse.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config/squid3/31/squid_reverse.inc')

diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index 418220c3..798fead0 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -106,7 +106,7 @@ function squid_resync_reverse() {
 			$casnr = 0;
 			foreach ($reverse_owa_ip as $reowaip) {
 				$casnr++;
-				$conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n";
+				$conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n";
 
 			}
 		}
-- 
cgit v1.2.3


From a1538e7d5450ca85fa2a2536086e0203b84beef6 Mon Sep 17 00:00:00 2001
From: Martin Fuchs <mfuchs77@gmail.com>
Date: Tue, 17 Jun 2014 08:51:48 +0200
Subject: enable AutoDiscover HTTP

---
 config/squid3/31/squid_reverse.inc | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'config/squid3/31/squid_reverse.inc')

diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index 798fead0..20e16739 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -106,8 +106,8 @@ function squid_resync_reverse() {
 			$casnr = 0;
 			foreach ($reverse_owa_ip as $reowaip) {
 				$casnr++;
-				$conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n";
-
+				$conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n";
+				$conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASS name=OWA_HOST_80_{$casnr}_pfs\n";
 			}
 		}
 		
@@ -193,6 +193,7 @@ function squid_resync_reverse() {
 		if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
 			$reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
 			$conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
+			$conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
 			}
 		}
 	//$conf .= "ssl_unclean_shutdown on";
@@ -223,8 +224,10 @@ function squid_resync_reverse() {
 		
 		for($cascnt=1;$cascnt<$casnr+1;$cascnt++)
 		{
-			$conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n";
-			$conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n";
+			$conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n";
+			$conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n";
+			$conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n";
+			$conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n";
 		}
 		
 		$conf .= "never_direct allow OWA_URI_pfs\n";
-- 
cgit v1.2.3


From a579dfb326bb24443f0d7da0dbcde27a527cb9aa Mon Sep 17 00:00:00 2001
From: Martin Fuchs <mfuchs77@gmail.com>
Date: Tue, 17 Jun 2014 20:07:19 +0200
Subject: add autodiscover url for self-hosted domains

as tested in microsoft-connectivity-analyzer
---
 config/squid3/31/squid_reverse.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'config/squid3/31/squid_reverse.inc')

diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index 20e16739..d2611c79 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -192,8 +192,10 @@ function squid_resync_reverse() {
 			
 		if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
 			$reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
-			$conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
+			$conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
+			$conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
 			$conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
+			$conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
 			}
 		}
 	//$conf .= "ssl_unclean_shutdown on";
-- 
cgit v1.2.3